Folks, the last firewall I wrote was in 2003. Now I'm starting from scratch on a new server. For now it has transparent Squid, but it will also have Apache and e-mail. When I enable the firewall, mail relaying is OK, but I can NOT browse, nor can I reach SSH. I remember you have to open return ports, but I don't know how it's done. Can someone look at the script below and tell me where I'm going wrong?

Thanks,
Marcelo

    ext='eth0'
    int='eth1'
    ipint='192.168.0.1'
    redeint='192.168.0.0/16'
    ipext='200.200.233.200'
    redeext='200.200.233.0/255.255.255.192'
    internet='0/0'

    modprobe iptable_nat

    ##################### Default policies
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    #iptables -P OUTPUT DROP

    echo 1 > /proc/sys/net/ipv4/ip_forward

    #
    # Enable NAT + transparent proxy
    #
    iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth0 -j SNAT --to-source 200.200.233.200
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

    ##################### Allow ping on the internal network
    iptables -A OUTPUT -p icmp -s $ipext -d $redeext --icmp-type 8 -j ACCEPT
    iptables -A INPUT -p icmp -s $ipext -d $redeext --icmp-type 8 -j ACCEPT
    iptables -A OUTPUT -p icmp -s $ipext -d $redeext --icmp-type 0 -j ACCEPT
    iptables -A INPUT -p icmp -s $ipext -d $redeext --icmp-type 0 -j ACCEPT

    ##################### Allow DNS, HTTP, ICMP to the Internet gateway, proxy
    iptables -A OUTPUT -p udp -s $ipext -d $internet --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s $internet -d $ipext --sport 53 -j ACCEPT
    iptables -A OUTPUT -p icmp -s $ipext -d $internet --icmp-type 8 -j ACCEPT
    iptables -A INPUT -p icmp -s $internet -d $ipext --icmp-type 0 -j ACCEPT
    iptables -A OUTPUT -p tcp -s $ipint -d $internet --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp -s $internet -d $ipint --sport 80 -j ACCEPT
    iptables -A OUTPUT -p tcp -s $ipint -d $redeint --dport 3128 -j ACCEPT
    iptables -A INPUT -p tcp -s $redeint -d $ipint --sport 3128 -j ACCEPT

    ##################### Allow DNS / ping / HTTP / POP / SMTP for the internal network
    iptables -A FORWARD -p udp -s $redeint -d $internet --dport 53 -j ACCEPT
    iptables -A FORWARD -p udp -s $internet -d $redeint --sport 53 -j ACCEPT
    iptables -A FORWARD -p icmp -s $redeint -d $internet --icmp-type 8 -j ACCEPT
    iptables -A FORWARD -p icmp -s $internet -d $redeint --icmp-type 0 -j ACCEPT
    iptables -A FORWARD -p tcp -s $redeint -d $internet --dport 80 -j ACCEPT
    iptables -A FORWARD -p tcp -s $internet -d $redeint --sport 80 -j ACCEPT
    iptables -A FORWARD -p tcp -s $redeint -d $internet --dport 25 -j ACCEPT
    iptables -A FORWARD -p tcp -s $internet -d $redeint --sport 25 -j ACCEPT
    iptables -A FORWARD -p tcp -s $redeint -d $internet --dport 110 -j ACCEPT
    iptables -A FORWARD -p tcp -s $internet -d $redeint --sport 110 -j ACCEPT

    ##################### Allow SSH for the internal network
    iptables -A INPUT -p udp -s $redeint -d $ipint --sport 22 -j ACCEPT
    iptables -A OUTPUT -p udp -s $ipint -d $redeint --dport 22 -j ACCEPT

-- 
Interested in learning more about Ubuntu in Portuguese? http://wiki.ubuntu-br.org/ComeceAqui
ubuntu-br mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
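The "return ports" the poster remembers are what stateful matching replaces: instead of a second rule per service that accepts packets by source port (and that never covers the proxy or SSH correctly), one `-m conntrack --ctstate ESTABLISHED,RELATED` rule admits every reply to a connection the firewall has already seen. The script below is an added example written for this reply, not the poster's script or anything from the ubuntu-br list. It keeps the same layout and addresses from the post (eth0 external at 200.200.233.200, eth1 internal serving 192.168.0.0/16, transparent Squid on 3128) and assumes the conntrack match is available, which it is on any current kernel. Three things differ from the post's rules on purpose: traffic REDIRECTed to Squid is accepted on INPUT by its destination port 3128, SSH is matched as TCP port 22, and no rule uses `--sport`. The `ssh_from` variable and the `fw_apply`/`fw_state_rules` function names are this example's own. Setting `IPT=echo` prints the rules instead of loading them, which is how to review the ruleset before applying it with `sh fw.sh apply` as root.

```shell
#!/bin/sh
# Added example (not the original poster's script): a stateful iptables ruleset
# for a gateway with eth0 facing the Internet, eth1 facing the LAN and a
# transparent Squid on port 3128. Replies are admitted by connection state,
# so no per-service "return port" rules are needed.
# IPT can be overridden (IPT=echo) to print the rules instead of applying them.
IPT="${IPT:-iptables}"

ext='eth0'                    # external interface (from the post)
int='eth1'                    # internal interface (from the post)
ipext='200.200.233.200'       # public address used for SNAT (from the post)
redeint='192.168.0.0/16'      # internal network (from the post)
ssh_from="$redeint"           # hypothetical: where SSH to the gateway may come from

fw_apply() {
    # Clean slate; default deny for traffic to and through the gateway.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, then every reply to a connection already in the state table.
    # These two rules are the "return ports": DNS answers, HTTP data for Squid,
    # SSH replies and POP/SMTP replies for the LAN all match here.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot place in any connection are dropped early.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    $IPT -A FORWARD -m conntrack --ctstate INVALID -j DROP

    # NAT: source-translate the LAN, and pull LAN HTTP into Squid.
    $IPT -t nat -A POSTROUTING -s "$redeint" -o "$ext" -j SNAT --to-source "$ipext"
    $IPT -t nat -A PREROUTING -i "$int" -s "$redeint" -p tcp --dport 80 \
        -j REDIRECT --to-port 3128

    # After REDIRECT the packet reaches INPUT with destination port 3128.
    $IPT -A INPUT -i "$int" -s "$redeint" -p tcp --dport 3128 \
        -m conntrack --ctstate NEW -j ACCEPT
    # SSH is TCP; new sessions are accepted from the internal side only.
    $IPT -A INPUT -i "$int" -s "$ssh_from" -p tcp --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT
    # Inbound mail for the mail server planned on this host.
    $IPT -A INPUT -i "$ext" -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
    # Let LAN hosts ping the gateway; echo replies are covered by ESTABLISHED.
    $IPT -A INPUT -i "$int" -s "$redeint" -p icmp --icmp-type 8 -j ACCEPT

    # New outbound connections from the LAN: DNS, ping, SMTP and POP3.
    # HTTP is not forwarded because REDIRECT already hands it to Squid.
    $IPT -A FORWARD -i "$int" -o "$ext" -s "$redeint" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i "$int" -o "$ext" -s "$redeint" -p icmp --icmp-type 8 -j ACCEPT
    for port in 25 110; do
        $IPT -A FORWARD -i "$int" -o "$ext" -s "$redeint" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
}

# Dry-run helper: how many rules rely on state matching for replies.
# Runs fw_apply in a subshell with IPT=echo so nothing is loaded.
fw_state_rules() {
    (IPT=echo; fw_apply) | grep -c -- '--ctstate ESTABLISHED,RELATED'
}

# Only touch the kernel when explicitly asked: sh fw.sh apply
if [ "${1:-}" = "apply" ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward
    fw_apply
fi
```

With OUTPUT left at ACCEPT, the gateway's own DNS lookups, Squid's fetches and outgoing mail need no extra rules; their replies come back through the ESTABLISHED rule on INPUT. If OUTPUT is later set to DROP, the same conntrack rule has to be added there too.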

